This patch places all unsupported MSRs in the intercepted_msrs[], but
don't implement any handlers in the switch clauses. Hence any
accesses from guests result in GP exceptions.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- Put most of the emulated MSR number in emulated_msrs[], and remove
the individual calls to enable_msr_interception().
- vcpu_thread() injects General Purpose exception to the guest if any
VMEXIT handler doesn't return 0. This patch removes vcpu_inject_gp()
from all MSR VMEXIT handlers to keep the code clean.
- remove dead code.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
`@return` is dedicated for brief description of return values, not for comments
stating actual return values. In addition, sphinx + breathe does not join
multiple adjacent `@return`. This results in multiple `Return` sections in the
generated document, which is confusing.
This patch replaces `@return` with `@retval` for the lists of return
values. Adjacent `@retval` can be joined into one list by breathe.
v1 -> v2:
* Replace return value descriptions like `negative` and `positive` with
expressions like `<0` and `>0` in `@retval`.
* Keep the list of `@retval` comprehensive, even when there is a `@return` to
generally describe what the return value means.
* Drop duplicated `@return` when it does not give more information than the
`@retval` list.
Tracked-On: #1595
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
It is preferred to state the absence of a return value explicitly in the
doxygen-stile comments. Currently there are different styles of doing this,
including:
@return None
@return NULL
@return void
@return N/A
This patch unifies the above with `@return None`.
Tracked-On: #1595
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
MISRA-C requires that if the return value of a function call is
assigned to a local variable, this value shall be used in all paths.
This patch moves the variable assignment right before the moment that
the variable is used.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C required every switch statement shall have a default label.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently guest IA32_TSC_AUX MSR is loaded manually right before VM
entry, and saved right after VM exit.
This patch enables VM-Entry Control and VM-Exit Control to switch
MSR IA32_TSC_AUX between host and guest automatically. This helps to
keep vcpu_thread() function and struct acrn_vcpu cleaner.
Also it removes the dead code of intercepting IA32_TSC_AUX.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch introduce a new mode of IO request completion, polling mode.
Now, the sketch of ioreq process can be,
A. UOS vcpu0 generate PIO/MMIO ->
B. pcpu1(vcpu0 of UOS) trap into HV ->
C. pcpu1 build ioreq, send IPI and enter idle ->
D.1 pcpu0(vcpu0 of SOS) response IPI,
D.2 pcpu0 handle the ioreq in HV, kernel, DM,
D.3 pcpu0 mark ioreq as complete,
D.4 pcpu0 hypercall to enter HV ->
E.1 pcpu0 send IPI to wake pcpu1 up
E.2 UOS vcpu0 continue running
With this change, it skips D.4, E.1 steps. In step C, pcpu1 will enter a
polling ioreq state idle after send out the IPI.
It can save about ~5000 cpu cycles.
In polling mode, we do the polling in idle instead of pause cpu all the
time. It will consume more power. A better way is to use monitor/mwait
instructions which can put cpu into a sleep state with monitoring a
memory address. Unfortunately, APL has bug with monitor. We can gather
all ioreqs state into one monitorable memory and take advantage of
monitor/mwait for future platform.
The way polling or notification is per VM. We can config VMs in
different mode. By default, IO request completion will use notification
mode for all VMs. We can switch it by Kconfig.
Tracked-On: #1821
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In current code, DMA remapping is enabled at very early stage, when there is no
device added.
Devices are added to VT-d context table when creating VMs.
There is potential risk that there may be device DMA transactions when DMA remapping is
enabled, but the device is not added to the VT-d context table. (Eg. this could happen in UEFI
enviroment when USB keyboard use in efi intenal shell.)
This patch defers DMA remapping enabling until vm creation.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
remove the usage of HV_DEBUG in hypercall.c and vmcall.c
TO-DO:
Enhance Makefile to compile debug/release into 2 libraries
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ioreqs acrossing VM reset is meaningless. So we reset their status when
VM reset.
Please note, device model and service os need to handle various ioreqs
pending status in emergency reset condition carefully. Otherwises, the
post processing of such ioreqs might overwrite this reset.
Tracked-On: projectacrn#1821
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Even in partition mode, we also need to clear vmid in vmid_bitmap to
indicate the VM is not present.
Tracked-On: projectacrn#1821
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRA-C requires that the function call in which the returned
value is discarded shall be clearly indicated using (void).
This patch fixes the violations related to the following
function calls.
- instr_check_gva
- vlapic_set_local_intr
- prepare_vm
- enter_s3
- emulate_instruction
- ptdev_intx_pin_remap
- register_mmio_emulation_handler
v1 -> v2:
* discard the return value of enter_s3
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
fix the following integer violations:
1. Signed/unsigned conversion without cast
2. Literal value requires a U suffix
3. Implicit conversion of underlying type
v3 -> v4:
* change the type of npk_loglevel/mem_loglevel/console_loglevel
from uint32_t to uint16_t
v2 -> v3:
* discard the return value of update_ept
* discard changes related to npk loglevel
v1 -> v2:
* remove the unnecessary changes related to the false positive
issues caused by scanning tool
* change the type of the local variable 'vlapic_id' from uint8_t
to uint32_t in function 'vlapic_build_id'
* change the type of the struct member 'flags' in shared_buf from
uint64_t to uint32_t
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
clean up mmio_read/mmio_write in instr_emul.c
- make these two functions inline
- discard the return value and add the pre condition
- rename these two functions to vie_mmio_read/vie_mmio_write
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that the function call in which the returned
value is discarded shall be clearly indicated using (void).
This patch fixes the violations related to the following
function calls.
- vlapic_set_intr
- vlapic_intr_edge
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
to decrease the value of 'create_vcpus' in fail case.
Tracked-On: #861
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
this patch is to avoid posisble inconsisent states for
VMs and vCPUs in configuration that SOS is SMP based
and Device Model may be multi-threads based.
Tracked-On: #861
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Config MAX_EMULATED_MMIO_REGIONS 16 in Kconfig
-- Add emulated mmio array and emulated mmio regions
in vm structure
-- Remove mmio list in vm structure
-- Remove unregister_mmio_emulation_handler and
vioapic_cleanup APIs
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Add emulated port io index
-- Add emulated pio array in vm structure
-- Remove port list in vm structure
-- Remove free_io_emulation_resource/register_io_handler/
create_io_handler APIs
v2-->v3:
-- not add 'is_emulated', check len == 0U
-- Check if io_read/io_write handler is NULL before calling
-- Replace ENUM with MACRO for emulated pio index to avoid
MISRA-C violations
v1-->v2:
-- Remove EMUL_PIO_NUM in Kconfig, add emulated pio index
for PIC/PCI/UART/RTC/PM
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that the controlling expression of an if statement or
an iteration-statement shall be Boolean type.
v1 -> v2:
* update the U suffix of constant to let the type of operands
to bit operations (&) is the same.
* update the type of 'i' from uint64_t to uint16_t in
'profiling_set_control' since it is limited by phys_cpu_num,
which is uint16_t.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
It is not necessary to use atomic operation to
set the initial value for 'created_vcpu' in vm structure.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
- Fix the integer violations related to the following rules:
1. The operands to shift operations (<<, >>) shall be unsigned
integers.
2. The operands to bit operations (&, |, ~) shall be unsigned
integers.
- Replace 12U with CPU_PAGE_SHIFT when it is address shift case.
v1 -> v2:
* use existed MACRO to get bus/slot/func values
* update PCI_SLOT MACRO to make it more straightforward
* remove the incorrect replacement of 12U with CPU_PAGE_SHIFT
dmar_fault_msi_write
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For data structure types "struct vm", its name is identical
with variable name in the same scope. This is a MISRA C violation.
Naming convention rule:If the data structure type is used by multi
modules, its corresponding logic resource is exposed to external
components (such as SOS, UOS), and its name meaning is simplistic
(such as vcpu, vm), its name needs prefix "acrn_".
The following udpates are made:
struct vm *vm-->struct acrn_vm *vm
Tracked-On: #861
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
For data structure types "struct vcpu_arch", its name
shall follow Naming convention.
Naming convention rule:If the data structure type is
used by multi modules, its corresponding logic resource
is exposed to external components (such as SOS, UOS),
and its name meaning is simplistic (such as vcpu, vm),
its name needs prefix "acrn_". Variable name can be
shortened from its data structure type name.
The following udpates are made:
struct vcpu_arch arch_vcpu-->struct acrn_vcpu_arch arch
Tracked-On: #861
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
For data structure types "struct vcpu", its name is identical
with variable name in the same scope. This is a MISRA C violation.
Naming convention rule:If the data structure type is used by multi
modules, its corresponding logic resource is exposed to external
components (such as SOS, UOS), and its name meaning is simplistic
(such as vcpu, vm), its name needs prefix "acrn_".
The following udpates are made:
struct vcpu *vcpu-->struct acrn_vcpu *vcpu
Tracked-On: #861
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
ACRN, in partition mode, supports LAPIC pass-thru to guests. Guest needs
to use x2APIC mode of LAPIC for pass-thru to be enabled.
ACRN also needs the user to configure lapic_pt to true in vm_desc
for the VM.
Interrupt Command Register (ICR) is the only APIC register that is
intercepted. Reference code in partition/vm_description.c enables
LAPIC pass-thru for vm2.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
This patch adds support for self-IPI virtualization when guest
uses vLAPIC in x2APIC mode.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
When guest switches from xAPIC mode to x2APIC mode of vLAPIC operation,
MSRs are used to access vLAPIC. This patch adds APICv support for
MSR accesses to vLAPIC. Switching from xAPIC to x2APIC is supported via
APIC BASE MSR. Other modifications like disabling and switching back to
xAPIC are not supported.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
This patch adds support to return APIC ID if guest uses vLAPIC
in x2APIC mode.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
This patch converts x2APIC MSR accesses to corresponding LAPIC MMIO offset to
utitlize vlapic_write/read APIs to virtualize LAPIC. Also adds support to inject
GP fault when read-only registers are attempted to be written to or vice versa.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
When guest uses vLAPIC in x2APIC mode, ICR write is a single MSR write.
Also, the destination field for device interrupts and IPIs should not be
handled in the same way as xAPIC mode. This patch adds support for x2APIC
mode operation of guest vLAPIC.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
x2APIC ID and LDR are in different format compared to xAPIC mode of operation.
This patch adds code to build ID and LDR when guest uses vLAPIC in x2APIC mode.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
Extending enable_msr_interception to accept mode as input. Mode specifies
if the API user wants ACRN to intercept on read-only or write-only or both
read and write or disable MSR interception altogether.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
Accessing x2APIC MSRs in xAPIC mode should result in GP exception according
to SDM section 10.12.2. Adding support to ACRN to inject GP into guests for
the same reason.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
Replace dynamic memory allocation in memory management with static memory allocation.
Since the static memory allocation can guarantee the allocation never failed, so
split_large_page and construct_pgentry don't need to return a errno any more.
Besides, the destroy_ept don't need to free page any more. Instead, it would memset
the eptp to 0 to make sure we can't walk this paging table again.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Add static paging table allocation API for hypervisor.
Note: must configure PLATFORM_RAM_SIZE and PLATFORM_MMIO_SIZE exactly as the platform.
Rename RAM_START/RAM_SIZE to HV_RAM_START/HV_RAM_SIZE for HV.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
add size check for other hypervisor console command;
they could be overflow for shell log buffer output.
Tracked-On: #1587
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
After enabling vPCI in hypervisor for vm0, UOS may not able be launched
successfully. Consider this scenario (take MSI-X for example):
- DM makes hypercall to hypervisor to do MSI-X remapping on behalf of
UOS guests.
- After the hypercall, VHM module in SOS kernel updates the physical
MSI-X table with the physical Message Data/Addr.
- These MMIO write requests are intercepted by hypervisor, which will
call ptdev_msix_remap() to do MSI-S remapping.
It may fail due to 2 possible reasons:
1) wrong target VM because:
hypervisor thinks it's a VM0 MSI-X device but they have been registered
as UOS guests through HC_SET_PTDEV_INTR_INFO hypercall.
2) wrong ptdev_msi_info->vmsi_data because:
The virtual MSI-X table is supposed to hold virtual Message data/addr
but the SOS VHM writes the physical ones to it.
This patch resolves these problems by ignoring the HC_VM_PCI_MSIX_REMAP
hypercall, so virtual and physical Message Data are the same from SOS'
perspective and it won't mess up the virtual PCI device in HV.
Also in HC_SET_PTDEV_INTR_INFO handler, vpci updates the target VM
when the PCI devices are assigned to different VMs.
The UOS' MSI/MSI-X remapping is triggered by hypervisor when SOS (either
DM or VHM) updates the Message Data/Addr.
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
For SOS BSP, we reuse native saved cs.limit
For UOS BSP, we set cs.limit in DM
For AP, we use initialized data from realmode_init_regs.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
- flush L1 cache before VM entry only on platform
affected by L1TF
- flush operation is configurable by below MACRO:
--CONFIG_L1D_FLUSH_VMENTRY_ENABLED
Tracked-On: #1672
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
The operands to shift operations (<<, >>) shall be unsigned integers.
v1 -> v2:
* replace 12U with CPU_PAGE_SHIFT when it is address shift case.
* replace 6UL with 0x6UL
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Guest OS can use vLAPIC in x2APIC mode. Upon vlapic_reset, vLAPIC should
be set to xAPIC mode.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Functions shall not call themselves, either directly or indirectly.
V1->V2:
add pre-assumption.
V2->V3:
when vector < 16,call vlapic_set_error
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently we compare vcpu_id with phys_cpu_num,
vcpu_id is not related with phys_cpu_num,
this patch cleanup them.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch adds support to sep/socwatch profiling
Adds 2 new files include/arch/x86/profiling.h and arch/x86/profiling.c
which contains most of the implementation for profiling,most of the functions
in profiling.c have dummy implementation and will be implemented in next patches
a. cpu.c, Initial profiling setup is done as part of bsp_boot_post
and cpu_secondary_post flow
b. vmcall.c, New ioctl is added for performing profiling related
operations in vmcall_vmexit_handler
ioctl - HC_PROFILING_OPS
function - hcall_profiling_ops()
c. common/hypercall.c, hcall_profiling_ops() implementation.
d. hv_main.c, In vcpu_thread calling profiling related functions
to save vm context
e. acrn_hv_defs.h, list all the profiling command types
Tracked-On: projectacrn#1409
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Chinthapally, Manisha <manisha.chinthapally@intel.com>
Fix violations whose parameter can be read-only.
This patch only fix the parameter whose name is vcpu.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Fix violations for function whose parameter can be read-only.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
guest software loading is per VM instead of vcpu. So we move it
from prepare_vcpu to prepare_vm. And make sure it's called for
all VMs for partition mode.
Tracked-On: #1565
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
All the platforms supported by ACRN supports x2APIC. So enabled
x2APIC for ACRN hv. Removed any code that is needed for xAPIC mode
of operation.
Tracked-On: #1455
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed by: Yonghua Huang <yonghua.huang@intel.com>
There's no need to walk these paging tables to transfer HPA to GPA
for a VM, so remove it.
Tracked-On: #1124
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Pointer param should be declared pointer to const if
the parameter is keeped read-only.
This patch changes pointer param whose name is vm.
Tracked-On:#861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Not return NULL for vcpu_from_vid
We have replaced dynamic memory with static memory for vcpu,
then if vcpu_id is valid, this API should not return NULL.
-- Simplify the for-loop when walk through the vcpu
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace platform_acpi_info.c with platform_acpi_info.h and define needed
host ACPI info in MACROs. Then the struct host_acpi_info is not needed
any more.
This header file should be generated by offline tool automatically;
Tracked-On: #1500
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
All the platforms supported by ACRN supports x2APIC. So enabled
x2APIC for ACRN hv. Removed any code that is needed for xAPIC mode
of operation.
Tracked-On: #1455
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed by: Yonghua Huang <yonghua.huang@intel.com>
Return value should be checked,fix it by add
"void" when the function return value is not used.
V1->V2:
replace printf with pr_warn.
V2->V3:
change the commit to make read easily.
Tracked-On:#861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C required the suffix(U/UL), such as:
(1) ---> (1U)
(1) ---> (1UL)
(1U << 0) ---> (1U << 0U)
This patch will add the suffix(U/UL) to come up MISRA-C into
hypervisor/include directory.
Tracked-On: #1468
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
to enable APICv Posted interrupt supported, following the
specifications defined in Intel SDM Section #29.6, Volume3.
Posted-interrupt processing is a feature by which a processor
processes the virtual interrupts by recording them as pending
on the virtual-APIC page.
Injecting interrupts to VCPU from remote CPU without causing
VM exit on the destination, following steps in SDM Section 29.6,volume3:
Tracked-On: #1447
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now, UOS will use hypercall to init BSP state, we could remove
set_bsp_real_mode_entry() and set_bsp_protect_mode_regs().
For SOS, GDT will inherit from SBL or UEFI. For UOS, DM will
prepare GDT. We don't need hypervisor to prepare GDT for guest.
The entry_addr of vcpu struct could be removed. The guest entry
is set through BSP rip register.
GUEST_CFG_OFFSET is not needed any more after this patchset.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Move vcpu mode set to function vcpu_set_regs.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For UOS, there is no BSP init state saved in hv. We always need
DM to set BSP init state by using hypercall. So we can't auto
start vm during vm reset.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now, we make UOS to set BSP init state by using hypercall. We
could drop the old UOS loader in HV and make vm loader in HV
only for SOS.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
DM will use this hypercall to initialize the UOS BSP state.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The vcpu state is initialized outside of init_guest_state:
- SOS BSP state is initialized in SOS loader
- UOS BSP state is initialized in UOS loader
- AP state is initialized during SIPI signal emulation
We could make init_guest_state only update the vcpu state
to VMCS structure.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
NOTE: this patch is only workaround patch for UOS BSP state init.
Eventually, the DM will call hypercall to init UOS BSP state.
We use this workaround patch here to simplify the init_guest_state.
Will make the caller of init_guest_state calls init_guest_vmx
directly.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
With reset_vcpu_regs as pre-condition, we only need to set
cs_selector and cs_base for AP.
We call set_ap_entry in two places:
1. When emulation AP SIPI
2. When sos BSP resume from S3. The BSP is resumed to real
mode with entry set to wakeup_vec. We call set_ap_entry
API here with entry twisted from wakeup_vec.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This reset_vcpu_regs function will reset the vcpu registers to
default value: realmode with entry 0xFFFFFFF0
Make call to reset_vcpu_regs during create_vcpu and reset_vcpu
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If defined CONFIG_VM0_DESC, HV will use predefined vm0_desc
to config VM0,now it is unneccessary, then remove these code.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- add missing brackets for 'if/else' statements based on MISRA-C
requirements
v1 -> v2:
* add brackets for each conditions in 'if' statements to improve
the readability
* modify 'ptdev_init' to make the logic clearer
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
In the current hypervisor design, when HPA is not
found for the specified gpa by calling gpa2hpa or
local_gpa2hpa, 0 will be returned as a error code,
but 0 may be a valid HPA for vm0; error checking
is missed when invoking gpa2hpa or local_gpa2hpa;
when invoking lookup_address, the caller guarantees
that parameter pointer pml4_page and pointer pg_size
is not NULL.
If local_gpa2hpa/gpa2hpa returns a invalid HPA,
it means that this function fails to find the
HPA of the specified gpa of vm. If local_gpa2hpa/gpa2hpa
return value is a valid HPA, it means that this
function have found the HPA of the specified gpa of vm.
Each valid vm's EPTP is initialized during vm creating,
vm's EPTP is valid until this vm is destroyed. So the caller
can guarantee parameter pointer pml4_page is not NULL.
The caller uses a temporary variable to store page size.
So the caller can guarantee parameter pointer pg_size
is not NULL.
In this patch, define a invalid HPA for gpa2hpa and
local_gpa2hpa;add some error checking when invoking
local_gpa2hpa/gpa2hpa;add precondition for lookup_address
function and remove redundant error checking.
V1-->V2:
Define INVALID_HPA as a invalid HPA for gpa2hpa
and local_gpa2hpa;
Updated related error checking when invoking
gpa2hpa or local_gpa2hpa;
V2-->V3:
Add some debug information if specified gpa2hpa
mapping doesn't exit and ept_mr_del is called;
Update INVALID_HPA definition easier to be reviewed.
V3-->V4:
Add vm->id and gpa into pr_error;
Add precondition to ept_mr_del to cover [gpa,gpa+size)
unmapping case.
V4-->V5:
Update comments;
Update pr_error message.
Tracked-On: #1258
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
1.Function return type inconsistent
2.cast on a constant value
V1->V2 add () to return type
V2->V3 keep the sbuf_get and sbuf_put return code
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Expression should be boolean immediate before 'if','while' key-words.
V1->V2 add () to bool expression
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
add is_long_mode to check whether the processor is operating in IA-32e mode
add is_paging_enabled to check whether paging is enabled
add is_pae to check whether physical address extension is enabled.
Tracked-On: #1379
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Loop the global vm_array[] instead of the vm_list.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Replace dynamic memory allocation with static memory
-- Remove the parameter check if the vm is NULL
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch is ready for next one,we will switch from
pointer to embedded structures such as structure vcpu,
some const qualifiers can be improper and raise compilation errors,
this patch remove const qualifier for struct vm.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are chances that names with leading underscore declared by
developers are conflict with the ones reserved for the compiler.
What this patch does:
- rename these functions/variables/macros starting with
underscore to avoid such unintentational mistakes.
- remove gpr.h without any contents
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add struct acrn_vcpu_regs and make struct boot_ctx based on
struct acrn_vcpu_regs.
vm0_boot_context is also changed from struct boot_ctx to struct
acrn_vcpu_regs.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
struct seg_desc_vmcs is actually for segment descriptor vmcs fields.
Change its name to vmcs_seg_field
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The printf related functions have been called by other various
functions, e.g. get_ptdev_info(), get_ioapic_info, etc. The patch
is used to clear up the usage.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. The wrong operand size is assigned in instruction decode phase
if the operand size is 1 byte.
According to the SDM, the bit 0(w bit) of opcode should be checked
first to detect whether the operand size is 1 byte. Then, check
whether there is prefix to overwrite the default operand size.
The original instruction decode doesn't care about the operand
size. But do opsize fixup during instruction emulation phase.
With ACRN we need operand size packed to ioreq and send to DM
after instruction decode.
2. We should always touch the GPA by following opsize to avoid side
effect (especially when GPA is for a MMIO).
Tracked-On: #1337
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch fixes the following issue pointed by Xiangyang and Junjie.
There are some macro arguments acting as formal parameter names.
Drop such arguments since they make no difference to the expanded
implementation and they might confuse some developers.
Here is an example.
'ptr' is dropped in this patch, which is acting as a formal parameter
name and make no difference to the expanded implementation.
-#define build_atomic_load(name, size, type, ptr) \
+#define build_atomic_load(name, size, type) \
static inline type name(const volatile type *ptr) \
{ \
type ret; \
asm volatile("mov" size " %1,%0" \
: "=r" (ret) \
: "m" (*ptr) \
: "cc", "memory"); \
return ret; \
}
Some minor coding style fixes are also included in this patch.
- use TAB for the alignment rather than mixing TAB with space
- fix some typo in the comments
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
merge hv_lib.h and hypervisor.h into one file
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix the compiler warning and turn on the flag to make
compiler warning as compiler error.
Tracked-On: #1343
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently the acrn-hypervisor is using the PLATFORM_IPI vector to notify
the sos_kernel. And then sos_kernel will handle the notification from acrn
hypervisor in PLATFORM_IPI ISR. But as the PLATFORM_IPI ISR can be registered
by the other modules, it will have the conflict when trying to register
acrn intr ISR. So the HYPERVISOR_CALLBACK_VECTOR will be used instead.
In order to switch the notification vector from PLATFORM_IPI to
HYPERVISOR_CALLBACK_VECTOR, one API is added so that sos can configure
the up-notifier interrrupt vector.
Tracked-On: https://github.com/projectacrn/acrn-hypervisor/issues/1325
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRAC checks whether a variable is assigned a value not used in
all branches of a program. Var value which is unused on all paths
can be removed with a consequent improvement in the readability
and efficiency of the code. This patch is used to fix these
violations.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRA-C requires that there should be no unused parameters in
functions.
In some cases, we will keep the unused parameters.
vmexit handler is one example. It is used as function pointer.
Some of the vmexit handlers use the input parameter 'vcpu', some of
them don't. We still need to keep the unused parameters 'vcpu' for
those handlers don't use 'vcpu'.
This patch removes the unused parameters that is not being used
unconditionally.
v1 -> v2:
* remove the non-implemented API 'vlapic_id_write_handler'
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that every switch case shall be terminated with break
to avoid the unintentional fall through.
The code will become redundant if we enforce this rule.
So, we will keep the current implementation for the following two cases.
1. The fall through is intentional.
2. The function is returned in the switch case.
If we decide to eliminate the mutiple returns in one function later,
this case would be handled properly at that time.
What this patch does:
- add the mssing break for the default case
- add the pre condition for some functions and remove the corresponding
panic which will never happen since the function caller could guarantee
the pre condition based on the code implementation
v1 -> v2:
* remove the redundant cases above default in 'vlapic_get_lvtptr'
* add the similar pre condition for 'lvt_off_to_idx' as
'vlapic_get_lvtptr' since all the function callers could guarantee it
* remove the assertion in 'lvt_off_to_idx' since the pre condition
could guarantee that the assertion will never happen
* add the similar pre condition for 'vpic_set_irqstate' as
'vioapic_set_irqstate' since all the function callers could guarantee it
* remove the assertion in 'vpic_set_irqstate' since the pre condition
could guarantee that the assertion will never happen
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The hypercall can be used by SOS/DM to monitor UOS
pass-thru devices' interrupt data; and if an "interrupt
storm" happens in UOS, it can be used to delay the UOS
PTdev interrupt's injection for sometime.
The two functions are implemented by one hypercall with
two sub-commands, and with the data/params in the buffer.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch is to enhance the feature of "interrupt storm
mitigation"; when interrupt storm happens on one UOS
it should keep as smaller effect to SOS as possible.
Add variables in PTdev entry & VM, used to record one
UOS's pass-thru devices' interrupt data; add a function
to collect the data.
Also add a timer used to delay UOS pass-thru devices'
interrupt injection if an "interrupt storm" detected
by SOS.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- use sizeof(struct lapic_regs),instead of arbitrary size
to lear 'apic_page' memory region in vlapic.c
- fix potential buffer overflow issues in vpic.c & ioapic.c
Tracked-On: #1252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRAC has requirement about implict conversion: actual to formal
param. This patch is used to fix part of these violations.
1.Add a new structure seg_desc_vmcs to hold the VMCS field address of
segment selector to clean up seg_desc structure.
2.Add the definition of maximum MSI entry and the relevant judgement.
3.The violations in shell.c, logmsg.c will be fixed in other series of
patches with modification of function snprintf(), vsnprintf() and other
related usages.
v1->v2:
*Move the definition of struct seg_desc_vmcs from instr_emul.h to
instr_emul.c.
*Modify the formal parameter type in function definition from uint8_t
to char instead of using cast.
*Drop the const declaration for char data in formal parameter.
v2->v3:
*update the data missing conversion.
*change type of internal parameter len to avoid casting in npklog.c.
*change the conversion from signed char to unsigned int in
uart16550_getc() to solve sign-extension.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the current hypervisor hypercall, first all vcpu is
allocated to SOS, vcpu's vm field is initialized to vm0.
When the vcpu is offlined, vcpu will be paused and vcpu's
vm field is set as NULL by DM. When UOS is created, vcpu's
vm field is set as UOS's vm. So when vmcall_vmexit_handler
is invoked, vcpu's vm filed is always non-NULL.
error checking for vm pointer is done in the function
"vmcall_vmexit_handler", vmcall_vmexit_handler will
guarantee that vm is vm0.
So all hypercall functions (these functions is just for handler
hypercall, except vmcall_vmexit_handler) don't need to check
whether invoking vm is NULL and don't need to check whether
invoking vm is vm0 or not.
Remove related invoking vm error checking for hypercall handling.
V1 --> V2:
Add pre-condition for hypercall in the head file.
V2 --> V3:
Add pre-condition for copy_from_gpa and copy_to_gpa.
V3 --> V4:
Add pre-condition both in the head file and source file.
Tracked-On:#1258
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The vie->opcode should be updated when decode_two_byte_opcode(),
otherwise for two bytes opcode emulate(movzx/movsx) will fail.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
MISRAC has requirements about literal value requires a U suffix and
signed/unsigned conversion with cast. This patch is used to solve
these violations.
v1->v2
*Drop the cast of sz from uint32_t to int32_t, the signed/unsigned
violation of nchars will be solved by other patch together with
printf/sprintf/console/vuart/uart code.
*Delete the unnecessary L suffix of shifting operand.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Reviewed by: Junjie Mao <junjie.mao@intel.com>
According to SDM 4.6 Access Rights definition, if SMAP/SMEP
is enabled, more conditions are used to decide the access rights
like SMAP/SMEP, EFLAGS.AC, R/W bit in every paging-structure entry
for page walking.
This patch add the check to guest page walking function and inject
page fault accordingly.
Tracked-On: #1207
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The current movs emulation has issues:
1. it use gva to get/put data.
2. it only support src and dst operand are memory which does not
apply to our case (one of them should be mmio and triggers
EPT voilation).
This patch fix the issue by:
1. convert the address from gva to hva before access it.
2. handle mmio emulation.
Also fix the issue introduced by previous instruction reshuffle
patchset:
1. the desc validation should be only applied to none-64bit mode.
2. gva2gpa should be given correct guest virtual address.
Specailly for movs, we cache the dst gpa if the check during
movs decoding success. And use it directly during movs
emulation.
Tracked-On: #1207
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Tested-by: Qi Yadong <yadog.qi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
-- update 'vlapic' in 'struct vcpu_arch' from pointer
to instance
-- add inline function(vcpu_vlapic) in vcpu.h
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
move structure vlapic_pir_desc/vlapic_timer/
acrn_vlapic from vlapic_priv.h to vlapic.h
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace pointer with static memory for apicv_apic_access_addr
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace pointer with static memory for msr_bitmap
inside structure vm_arch.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace vmcs pointer with static memory for vmcs region
inside structure vcpu_arch.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- convert function like macros to inline functions based on MISRA-C
requirement
- remove some unused and duplicated macros
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
as SOS mapped all memory at the beginning, so trap vlapic need unmap its
memory; for UOS, there is no need as UOS never mapped it.
Tracked-On: #1124
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
for each pass-thru device and its entry owned by one VM, so
change the pass-thru device's softirq lock & entry list into
per VM, so one VM's PT device interrupt process will not
interfere with other VMs; especially in case one user OS
"interrupt storm" happens, it will have little effect on
service OS.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that each function defined and declared shall be called
or referenced in code analyzed.
In some cases, we would like to keep the non-called functions for code
completeness, such as
vcpu_inject_extint/vcpu_inject_nmi/vcpu_inject_gp/vcpu_inject_pf
/vcpu_inject_ud/vcpu_inject_ac/vcpu_inject_ss.
This pacth removes some functions that are independent and are not
called in our code base.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that each parameter in the MACRO shall be in brackets.
In some cases, adding brackets for all of the parameters may not be a
perfect solution.
For example, it may affect the code readability when there are many
parameters used in the MACRO.
And duplicated brackets will appear when one MACRO called another MACRO
which is using same parameters.
This patch convert some MACROs to inline functions to avoid such cases.
v1 -> v2:
* Remove the unnecessary changes in hypervisor/bsp/uefi/efi/boot.h
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
MISRA-C requires that the controlling expression of an if statement or
an iteration-statement shall be Boolean type.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
We have two same log message in decode_instruction. It's a little bit confusing.
So, this patch refine the log message to make it more explicit.
BTW, we refine one message in create_vcpu.
Tracked-On: #1136
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch fixes the following issues:
- No newline after semi colon.
- No space after semi colon in for expression.
- No space between if, while, for and expresn.
v1 -> v2:
* Fix the typo for the for loop change.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
VMs in partition mode uses a kernel patch to switch to physical mode xAPIC.
The kernel patch together with this patch makes sure device MSIs use
physical mode as DM and physical APIC IDs in Destination field.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
This patch fixes the following issues:
- Assignment operation in expression.
- For loop incrementation is not simple.
- No brackets to loop body.
- Use of comma operator.
v1 -> v2:
* Replace &x->y with &(x->y) based on our new coding rule
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Change guest_msrs in vcpu data structure from pointer to array, which
could avoid the dynamic memory allocation.
v1 -> v2:
* Remove the unnecessary initialization for guest_msrs[] since vcpu is
allocated by calloc.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
-- rename struct vioapic --> struct acrn_vioapic
-- update 'vioapic' field in 'struct arch_vm' from pointer
to instance
-- change vm_ioapic(vm) to inline, and move it to vm.h
-- change vioapic_init to void type
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- update 'vuart' field in 'struct vm' from pointer
to instance
-- replace MACRO with inline function for vm_vuart,
and move it to vm.h
-- change vuart_init to void type
-- rename struct vuart -->struct acrn_vuart
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- update 'vpic' field in 'struct vm' from pointer
to instance, and move it from 'struct vm' to 'struct arch_vm'
-- replace MACRO with inline function for vm_pic, and move it
to vm.h
-- changed vpic_init to void type
-- removed vpic_cleanup
-- move struct acrn_vpic/i8259_reg_state from vpic.c to vpic.h
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- by default, ACRN will not support platform without
below APICv features:
-- Use TPR shadow
-- APIC-register virtualization
- remove mmio emualtion of local APIC for guest
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In current code, the address translation type for passthrough devices
in SOS is passthrough type, which means the device in SOS can access
the whole physcial memory.
This patch uses SOS EPT to translate address for passthrough
devices. So that the memory of VMM or trusty can be protected from
SOS PTDev.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For the instructions other than MOVS, one operand is register
and another one is memory which trigger EPT voilation. In this
case, there is one possibility that EPT voilation happens before
guest fault:
the fault is triggered by related guest PTE access bit
voilation (like write to a gva with R/W bit cleared in PTE).
So we do this kind of check and inject exception to guest
accordingly during instruction decoding phase.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Unlike the other instructions we emulated, MOVS has two operands
both are memory.
So we need to check whether the operand is valid GVA. With VMX
enabled, the src operand is always checked first by VMX. Which
means if src operand is not valid GVA, it will trigger fault
in guest before trigger EPT. So we don't need to check src
operand. Only need to check dst operand here.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Drop the get_gla function and add
- get_gva_di_si_nocheck
get gva from ES:DI and DS(other segment):SI without
check faulure case
- get_gva_di_si_check
get gva from ES:DI and DS(other segment):SI with failure
case checked
TODO:
- Save dst_gpa and src_gpa for instruction emulation phase
use.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
We will do check only during instruction decode phase.
vie_calculate_gla will be called both in instruction emulation
phase, we move the check out of vie_calculate_gla.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
According to SDM vol3 25.1.1
With VMX enabled, following exception will be handled by guest
without trigger VM exit:
- faults based on privilege level
- general protection due to relevent segment being unusable
- general protection due to offset beyond limit of relevent segment
- alignment check exception
ACRN always assume VMX is enabled. So we don't need to these check
in instruction emulation. But we need to do page fault related check.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
If rm show there is no SIB following rm field, we should get
base_register info from rm.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- call these functions directly, no need to register
callbacks.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The hypercall HC_SETUP_HV_NPK_LOG is added to enable/disable/configure
the hypervisor NPK log.
Signed-off-by: Zhi Jin <zhi.jin@intel.com>
Signed-off-by: Zhonghua Sun <zhonghua.sun@intel.com>
Reviewed-by: CHEN Gang <gang.c.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The apicv is one hardware acceleration feature of vlapic. All vlapic
APIs should keep vlapic_ as the prefix.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
From SDM Vol3 10.4.6:
Some processors permit software to modify the APIC ID. However, the
ability of software to modify the APIC ID is processor model specific.
Because of this, operating system software should avoid writing to the
local APIC ID register.
So to permit change APIC ID is not one *must* feature. Keep it simple,
we are also reject to modify it.
This patch does code cleaning up for LAPIC ID related emulation.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Since these APIs always return 0,
change them to void type,
vcpu_set_cr0()
vmx_write_cr0()
vcpu_set_cr4()
vmx_write_cr4()
kick_notification()
tsc_deadline_handler()
dmar_fault_handler()
ptdev_interrupt_handler()
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
- Clean up some code regarding to % and / operations since bit
operations are faster.
x % 64U ---> x & 0x3fU
x % 32U ---> x & 0x1fU
x % 16U ---> x & 0xfU
x % 8U ---> x & 0x7U
x % 4U ---> x & 0x3U
x % 2U ---> x & 0x1U
x / 64U ---> x >> 6U
x / 32U ---> x >> 5U
x / 16U ---> x >> 4U
x / 8U ---> x >> 3U
x / 4U ---> x >> 2U
x / 2U ---> x >> 1U
- Minor changes regarding to coding styles
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- update 'apic_page' field in 'struct acrn_vlapic',
from pointer type to 'struct lapic_regs' type.
- delete 'pir' and update 'pir_desc' to 'vlapic_pir_desc'
type.
- fix potential memory leak in 'vlapic_create()'
should free allocated memory in case of registering
mmio handler failure.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
MISRAC requires that the array size should be declared explicitly.
This patch fixes the issues caused by vm0_boot_context.
Fix pattern is like below:
extern char start_of_ROM, end_of_ROM, start_of_FLASH;
memcpy (& start_of_FLASH, & start_of_ROM, & end_of_ROM - &
start_of_ROM);
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Fix the parameter type mismatch between API declaration and definition.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
-- change two timer callbacks to void type
-- ignore the return value for add_timer
-- add (void) before several functions(memset/memcpy/
vcpu_get_xxx)
v1-->v2:
ignore the return value for add_timer
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
removed some unnecessary variables and functions.
v1-->v2:
Replace div-by-zero with an inline ASM code
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1)Fix to take into account the size of proc entries in MPtable.
2)Change APIC ids to virtual APIC IDs
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
V1:
In order to better comply with MISRA C,
add const qualifiers whereeven required.
In the patch, these are being added to pointers
which are normally used in "get" functions.
V2: Corrected the issues in the patch
pointed by Junjie in his review comments.
Moved the const qualifiers to the correct
places. Removed some changes which are not
needed.
V3: Updated patch comment.
This modifies a subset of all the functions
which might need constant qualifiers
for the their parameters.
This is not and exhaustive patch. This only
targets obvious places where we can use
the const qualifier. More changes will be
submitted in future patches, if required.
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
vlapic_vmx_vapic_set_tmr is nobody use now, remove it first to avoid
build warning.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
ACRN currently do not support SMM and SMI. Print one explicit warning
for it.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
From SDM Vol3 Table 10-1 Local APIC Register Address Map. The 0x3F0 is
reserved.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently, ACRN hasn't expose x2apic capability through cpuid.
And x2apic related code in vlapic.c has no real functionality. This
patch clear related code.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch adds code to support read-only RTC support for guests
run by partition mode ACRN. It supports RW for CMOS address port 0x70
and RO for CMOS data port 0x71. Reads to CMOS RAM offsets are fetched
by reading CMOS h/w directly and writes to CMOS offsets are discarded.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
after updated cpu context get/set method, the vcpu_dumreg cmd is not
correct anymore as the registers may read from VMCS but meantime hv
shell may not be running on target vcpu.
this patch take use of smp_call_function for vcpu dumpreg and make the
dump always come from correct vcpu.
v2:
- use str pointer to get vcpu_dumpreg context instead of print out directly
in notify handler.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now the DM has adopted the new VHM request state transitions and
REQ_STATE_FAILED is obsolete since neither VHM nor kernel mediators will set the
state to FAILED.
This patch drops the definition to REQ_STATE_FAILED in the hypervisor, makes
''processed'' unsigned to make the compiler happy about typing and simplifies
error handling in the following ways.
* (dm_)emulate_(pio|mmio)_post no longer returns an error code, by introducing a
constraint that these functions must be called after an I/O request
completes (which is the case in the current design) and assuming
handlers/VHM/DM will always give a value for reads (typically all 1's if the
requested address is invalid).
* emulate_io() now returns a positive value IOREQ_PENDING to indicate that the
request is sent to VHM. This mitigates a potential race between
dm_emulate_pio() and pio_instr_vmexit_handler() which can cause
emulate_pio_post() being called twice for the same request.
* Remove the ''processed'' member in io_request. Previously this mirrors the
state of the VHM request which terminates at either COMPLETE or FAILED. After
the FAILED state is removed, the terminal state will always be constantly
COMPLETE. Thus the mirrored ''processed'' member is no longer useful.
Note that emulate_instruction() will always succeed after a reshuffle, and this
patch takes that assumption in advance. This does not hurt as that returned
value is not currently handled.
This patch makes it explicit that I/O emulation is not expected to fail. One
issue remains, though, which occurs when a non-aligned cross-boundary access
happens. Currently the hypervisor, VHM and DM adopts different policy:
* Hypervisor: inject #GP if it detects that the access crossed boundary
* VHM: deliver to DM if the access does not complete falls in the range of a
client
* DM: a handler covering part of the to-be-accessed region is picked and
assertion failure can be triggered.
A high-level design covering all these components (in addition to instruction
emulation) is needed for this. Thus this patch does not yet cover the issue.
Tracked-On: #875
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISARC has requirements about Marco redefinition, usage of ++ or -- and
assignment operator in boolean expression. This patch is used to solve
these violations.
The modifications are summarized as following:
1.The HC_VM_SET_MEMORY_REGION, HC_VM_GPA2HPA, HC_VM_SET_MEMORY_REGIONS are
redefined twice in acrn_hv_des.h, so delete them to solve the macro
redefinition violations.
2.The macro BUS_LOCK are redefined in bits.h and atomic.h, then delete
the declaration in both two files, add a new declaration in cpu.h and
include the header file.
3.modify the code to solve the improper usage of -- operators in string.c.
4.modify the while loop to for loop to avoid assignment operator in
boolean expression in vlapic.c.
v1 -> v2:
*Modify the format of commit logs and signed-off name.
*Modify the code format from 'd = d-1;' to 'd--;' to be better.
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Thare some debug specific code which don't run on release version, such as vmexit_time,
vmexit_cnt, sbuf related codes, etc...
This patch encloses the codes with #ifdef HV_DEBUG.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that shift operation cannot exceed the word length.
What this patch does:
- Add the pre condition for 'init_lapic' regarding to 'pcpu_id'
Currently, max 8 physical cpus are supported.
Re-design will be required if we would like to support more physical
cpus.
So, add the pre condition here to avoid the unintentional shift
operation mistakes.
- Replace the id type with uint8_t in 'vlapic_build_id'
- For VM0, it uses 'lapic_id' as its id, which is uint8_t.
- For non VM0, it uses 'vcpu_id' as its id, which is uint16_t.
Cast this id to uint8_t to make sure there is no loss of data after
left shifting 24U.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- clear run context when reset vcpu;
- destroy trusty without erase trusty memory when reset vm;
changelog:
v1 -> v2: fix misra violation on calling memset();
Signed-off-by: Sun Victor <victor.sun@intel.com>
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Chi Mingqiang <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The bracket is required when the level of precedence of
the operators is less than 13. Add the bracket to logical
conjunctions. The commit applys the rule to the files under
hypervisor/arch/x86/guest/*
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
ACRN in partition mode emulates UART for the VMs directly launced
from HV. This patch adds an option to enable/disable vUART for a
VM.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
For Partition mode ACRN, kernel load address and Boot args load address
are hardcoded. Boot args are currently passed from vm description for
each VM. Renamed init_vm0_boot_info to init_vm_boot_info.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
MISRAC requires that a switch statement shall contain a default clause.
This patch add the default clause and some comments for the ones
violated the rule.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN boots multiple OS in partitioning mode. This patch adds code to assign
vm_id in the vm data structure to be same as the one assigned at compile time.
This makes the vm id deterministic for each VM booted from HV directly.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
This patch is an extension to the commit 6643adff8b.
It uses the mptable API to build mptable for each VM booted by ACRN in partition mode.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Adding code to map memory for UOS in partitioning mode ACRN.
HPA starting above 4GB is used for UOS memory. Supports only contiguous memory
from host for UOS. Current implementation supports only 2 GB for UOS memory.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
It's not necessary to specify priority for dynamic allocated vector, because
nested irq is not supported on HV, and irq of any priority would cause VM exit.
This commit makes the following changes:
- remove the argument indicating priority in struct irq_request_info and
following functions:
ptdev_activate_entry()
find_available_vector()
irq_desc_alloc_vector()
normal_register_handler()
- change the macro of vector ranges:
VECTOR_DYNAMIC_START/END for dynamically allocable vectors;
VECTOR_FIXED_START/END for fixed allocated vectors, such as vector for
timer etc.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- add clear trusty memory flag
In some cases such as UOS power off or UOS full reset,
need to clear trusty memory,no need to clear memory such as
UOS S3 or UOS system reset,then add a flag to distinguish it
when destroy secure world.
-- Restore trusty memory to guest normal world.
-- Moved free trusty EPT inside destroy_secure_world
In some cases such as UOS S3 or UOS system reset,
only need to free trusty EPT, this patch move free
trusty EPT inside destroy_secure_world.
Because PD/PT are shared in both secure world's EPT
and normal world's EPT,before freeing trusty EPT,
it will memset all PDPTEs except trusty memory,
then call 'free_ept_mem', it can only free trusty EPT,
and does't affect shared normal world EPT.
v2-->v3:
-- Used new mmu api ept_mr_add when restore trusty memory
to SOS and normal world
-- Dropped this patch "Removed reverted page tables for trusty memory"
because map_mem will be removed in future
It will have a patch, need to update this api(ept_mr_add),
it will not create inverted page tables for trusty memory.
v1-->v2:
-- free trusty ept
still use free_ept_mem, not add a new api,but need to
memset pdptes except trusty memory
-- Removed reverted page tables for trusty memory.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRAC does not allow the use of an inline function with external
linkage.
What this patch does:
- Add the static keyword for the function that is only used in the
definition file.
- Remove the inline keyword for the function that is used in multiple
files.
v1 -> v2:
* Move some functions to headers as static inline function if it is
possible
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
V4:
- Clear address cache info after a full cf8/cfc access
- Add NULL pointer checking when calling init/deinit ops
V3:
- Do not use ASSERT
- Loop through the vdev list defined in vm_desctiption table to call the vdev init/unit functions
- Make the cached vbdf info struct per vm instead of per pcpu
V2:
- Fixed MISRA violations
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
If SOS start from 64bit mode, it will use the page table
created by bootloader or BIOS. HV doesn't need to create
page table for it.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In current code, VM0 BSP start mode is hardcoded, in this patch VM0 BSP
start mode is decided by the boot context prepared by bootloader/BIOS.
In current code, VM0 BSP VMCS is override only on UEFI platform.
In this patch, VM0 BSP VMCS is override on both SBL & UEFI platforms.
Also restructure the code of guest init code.
In this patch, a vcpu run_context is initilaized first according to vcpu mode.
Then write the value to vmcs according to run_context value.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The structures defined in acrn_efi.h is x86 related, move it
to acrh/x86/guest/.
Also, the headfile will be used on both SBL & UEFI platforms,
rename it to vm0_boot.h
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
New field in VM's structure:
sworld_snapshot: save cpu_context of secure world.
New hypercall: HC_SAVE_RESTORE_SWORLD_CTX
In UOS S3 suspend path: trusty kernel driver will call this hypercall
to require Hypervisor save context of secure world.
In UOS S3 resume path: virtual firmware will call this hypercall to
require Hypervisor restore context of secure world.
New bit in secure_world_control.flag:
ctx_saved: indicate whether cpu_context of secure world is saved.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Define Bitmap flag to indicate secure world's state:
supported: 0(not supported), 1(supported)
active: 0(inactive), 1(active)
Refine secure_world_memory:
base_gpa_in_sos: base_gpa from SOS's view
base_gpa_in_uos: base_gpa from UOS's view, this is the original base_gpa
allocated by bootloader.
Recording above GPA is for usage of trusty EPT destroy and re-create.
There is an assumption: the secure world's memory address is contiguous
in both SOS and physical side.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN in partitioning mode boots multiple OS. Adding code to parse
VM description structure and a reference description structure for
booting 2 OSes.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
It's not reasonable to use push/pop against mmio. So we remove
the push/pop emulation.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
We inject invalid opcode if instruction decode fails.
We don't support many instruction. If new type guest hit
the invalid opcode and it's necessary to emulate that
instruction, we could add new instruction then.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The DPL from SS access right field is always correct according
to SDM. We use it instead of using CS selector.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
When doing copy_to/from_gva, it's possible the guest no page
happens on none-first page. In this case, we need get correct
fault address from gva2gpa.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
This patch add some comments after the default and before the break
in the switch statement based on MISRA-C requirement.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Added prepare_vm function as a wrapper function on top of prepare_vm0.
This makes adding support for partition mode ACRN to boot multiple
VMs from HV cleaner.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
vm_update_register calls vm_get/set_register to update register and vm_update_rflags
calls vm_update_register to update RFLAGS.
We have make vm_get/set_register as non-failed function in previous patch.
So, this patch make the vm_update_register/rflags as void.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
vie_read/write_bytereg call vm_get/set_register to get/set byteregs.
We have make vm_get/set_register as non-failed function in previous patch.
So, this patch make the vie_read/write_bytereg as non-failed function too.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Originally, vm_set/get_register return -EINVAL when "vcpu == NULL" or reg is invalid.
But, we don't check the return value actually and there is no chance we get an
null-vcpu and invalid reg in current implementation.
This patch add pre-assumptions about valid parameters before the function and make
them as non-failed functions.
- static uint64_t vm_get_register(struct vcpu *vcpu, enum cpu_reg_name reg)
- static void vm_set_register(struct vcpu *vcpu, enum cpu_reg_name reg, uint64_t val)
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Originally, vm_get_seg_desc return -EINVAL when "vcpu == NULL" or seg is invalid.
But, we don't check the return value actually and there is no chance we get an
null-vcpu and invalid seg in current implementation.
This patch adds pre-assumptions and makes the function as void.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch just removes some dead codes related to Instruction Emulation.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Originally, there is cross-references between instr_emul.h and instr_emul_wrapper.h.
User must include both of them when calling instruction emulation functions. This
will raise up some confusion and inconvenience.
So we rearrange the logic of instruction emulation code as following:
- External API -- defined in instr_emul.h
* decode_instruction(struct vcpu *vcpu)
* emulate_instruction(struct vcpu *vcpu)
- Make all other functions as static in instr_emul.c
- Remove instr_emul_wrapper.c/h
No functional change.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
ASSERT is too strict for HV when error happens during emulating instruction.
This patch remove all ASSERT and return a negative error code when failing to
emulate instruction.
Originally, getcc will return -EINVAL when opsize are not one of (1, 2, 4, 8).
But theoretically, opsize in current implementation can only be one of (1, 2, 4, 8).
So, we will always get valid "cc".
This patch add a pre-assumption and make sure that getcc always return valid value.
For the current code, #GP will be injected to guest if something goes wrong with
instruction emulation.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
There are so many __unused prefix spaning the emulate_xxx functions. This patch
unify the parameters of emulate_xxx to avoid it.
- All emulate_xxx functions are defined as emulate_xxx(struct vcpu *vcpu, instr_emul_vie *vie)
or emulate_xxx(struct vcpu *vcpu, instr_emul_vie *vie, struct vm_guest_paging *paging).
- Move mmio_read/write to instr_emul.c and call them directly.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
move most of fields from run_context into ext_context for world switch.
these fields do not need doing runtime save/restore during vm exit/entry.
v3:
- update cr0/cr4 registers switch method
v2:
- use struct name ext_context instead of saved_context
- updated according to previous v2 patch
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
there will be 3 types of vcpu runtime contexts:
- runtime contexts always saved/restored during VM exit/entry, which
include general registers rax/rcx/rdx/rbx/rbp/rsi/rdi/r8~r15, cr2 and
msr for spectre control (ia32_spec_ctrl)
- runtime contexts on-demand cached/updated during VM exit/entry, which
include frequently used registers rsp, rip, efer, rflags, cr0 and cr4
- runtime contexts always read/write from/to VMCS, which include left
registers not in above
this patch add get/set register APIs for vcpu runtime contexts, and unified
the save/restore method for them according to above description.
v3:
- update vcpu_get/set_cr0/4 as unified interface to get/set guest cr0/cr4,
use on-demand cache for reading, but always write to VMCS for writing.
v2:
- use reg_cached/reg_updated for on-demand runtime contexts
- always read/write cr3 from/to VMCS
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix the parameter name mismatch between API declaration and definition.
v2 -> v3:
* Fix two more violations which are missed in previous report.
shell_puts and console_write
v1 -> v2:
* Replace 'ret_desc' with 'desc'
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In some special scenarios, the LAPIC somehow hasn't send EOI to IOAPIC
which cause the Remote IRR bit can't be clear. To clear it, some OSes
will use EOI Register to clear it for 0x20 version IOAPIC, otherwise
use switch Trigger Mode to Edge Sensitive to clear it.
This patch emulate this IOAPIC behavior to satisfy this requirement.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The IOAPIC specification defined EOI register for 0x20 version. The
original vioapic code implemented this register but the version was
still export as 0x11.
Tried to set 0x20, the Linux kernel has't access this EOI register,
still rely on lapic to send eoi.
From Linux ioapic driver comments, it says that only send EOI via EOI
register when met IOAPIC hardware bug.
This patch removes all 0x20 IOAPIC code to reduce the code size.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
To make vioapic simpler, avoid lots of code to convert variable type
between uint8_t and uint32_t.
This patch changes all variable type of pin related variables to
uint32_t instead of original uint_8.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
During ioapic reset, some registers need to be set to the default value
which defined in ioapic spec.
So far, the vioapic function only be called by ioapic itself in
ioapic_init. And just invoked after calloc the vioapic object, so all
the content are already set to zero. But this vioapic_reset function be
exported as one API which maybe invoked by other scenarios in future.
So this patch resolves this potential issue.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The APIC ID field should be bit 24:27 in IOAPIC Identification register.
The bits 28:31 are reserved bits which need to be avoid touched.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
For level sensitive trigger mode, the vioapic should not deliver extra
interrupt to vlapic if the previous one hasn't received EOI.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Merge multiple if to switch-case. And set 0xFFFFFFFFU as the default
value of undefined address.
And the IOREGSEL register only bits 7:0 are defined, so mask the other
bits for read operation.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1, Remove vioapic_mmio_read/vioapic_mmio_write, and combine them to
vioapic_mmio_rw.
2, The vioapic_read/write are used for emulate the ioapic indirect
access logic. So change their name with vioapic_indirect as the prefix.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Remove structure vm_attr
Wrap two APIs alloc_vm_id and free_vm_id
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
one/two_byte_opcodes is indexed by op_byte. So vie_op->op_byte is unnecessary.
This patch remove it and add a new variable opcode to instr_emul_vie.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
There are size2mask array to convert addsize to corresponding mask and function
vie_size2mask doing the same thing except validation check of addrsize.
Theoretically, addrsize can only be one of (1, 2, 4, 8). So, the check of addrsize
is unnecessary.
This patch remove vie_size2mask and use size2maks directly.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
We have vm_set/get_register here. There is no need to wrap the function with
vie_read_register.
This patch remove it.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
In order to comply with MISRA C rules, renamed vairables
and function names starting with "_".
The major changes invloves mostly static function
names, as they are being called inside the same file
by a wrapper function.
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
Change this API to void type
Add pre-condition, state the input parameters are not NULL.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
And export the API to DM. DM will do system reboot/S3 resume based
on this API.
Also add the pre-assumption description for some vm APIs.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the C99 standard, the order of evaluation associated with
multiple #, multiple ## or a mix of # and ## preprocessor
operator is unspecified. For this case, gcc 7.3.0 manual
does not specify related implementation. So it is unsafe
to use multiple # or ## in a macro.
BTW, there are some macros with one or more "##" which are
not used by hypervisor.
Update relate codes to avoid using multiple # or ## in a macro;
Remove unused macros with one or more "##";
Remove "struct __hack;" at the end of GETCC since it is useless.
Note:
'##' operator usage constraints: A ## preprocessing token shall
not occur at the beginning or at the end of a replacement list
for either form of macro definition.
V1--V2:
Update relate codes to avoid using multiple # or ## in a macro.
V2-->V3:
Remove unused macros with one or more "##";
Remove "struct __hack;" at the end of GETCC since it is useless.
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Fix integer related violations.
V1->V2:
clean all memset/calloc integer violations excpet bsp/boot directory
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix the parameter type mismatch between API declaration and definition.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently we don't support resume VM in HC API, the real meaning
of the code is to start VM.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For data structure types "enum vpic_wire_mode, struct stack_canary",
its name is identical with variable name in the same scope.
This MISRA C violation is detected by static analysis tool.
For variables "segment_override, pde_index", its name is identical
with function name. This MISRA C violation is detected.
Naming convention rule:Variable name can be shortened from
its data structure type name.
The following udpates are made:
enum vpic_wire_mode vpic_wire_mode-->enum vpic_wire_mode wire_mode
struct stack_canary stack_canary-->struct stack_canary stk_canary
uint8_t segment_override:1 --> uint8_t seg_override:1
uint32_t pde_index--> uint32_t pde_idx
V1-->V2:
Remove update "enum cpu_state cpu_state-->enum cpu_state state"
and "enum irqstate irqstate-->enum irq_ops_mode ops_mode", other
patch will cover it.
V2-->V3:
Update "uint32_t pde_index--> uint32_t pde_idx".
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
For some function pointer type, its name is identical with
variable name in the same scope. This MISRA C violation is
detected.
Naming convention rule:If the type is function
pointer, its name needs suffix "_fn".
The following udpates are made:
*apicv_set_intr_ready-->*apicv_set_intr_ready_fn
*apicv_pending_intr-->*apicv_pending_intr_fn
*apicv_set_tmr-->*apicv_set_tmr_fn
*apicv_batch_set_tmr-->*apicv_batch_set_tmr_fn
*apicv_intr_accepted-->*apicv_intr_accepted_fn
*apicv_post_intr-->*apicv_post_intr_fn
*enable_x2apic_mode-->*enable_x2apic_mode_fn
V1-->V2:
Update function pointer when it is used as calling
since no need to dereference a function pointer
before calling.
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
For data structure types "struct pic and struct iommu_domain",
its name is identical with variable name in the same scope.
This MISRA C violation is detected.
Naming convention rule:If the data structure type is used by only one
module and its name meaning is simplistic, its name needs prefix
shorten module name.
Naming convention rule:Variable name can be shortened from its
data structure type name.
The following udpates are made:
struct pic pic-->struct i8259_reg_state i8259
struct iommu_domain iommu_domain-->struct iommu_domain iommu
V1-->V2:
Update "struct iommu_domain iommu_domain-->struct iommu_domain iommu"
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Instead of using two members for maintaining the state of a VHM request, this
patch replaces the transitions with a single state. Basically the lifecycle of a
VHM request shall be:
FREE -> PENDING -> PROCESSING -> COMPLETE -> FREE -> ...
The structure header of vhm_request has more details of the transitions access
limitations under different states.
Also drop the set but unused member vcpu.ioreq_pending.
For backward-compatibility, the obsolete 'valid' member is still kept and
maintained before SOS and DM adapts to the new state transitions.
v2 -> v3:
* Use complete_ioreq to mark an I/O request finished in
dm_emulate_(pio|mmio)_post.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently no post-work is done for I/O requests of type PCICFG or WP. The
impacts include:
1. ''valid'' in VHM request buffers are left as 1 even after the I/O request
completes. This violates the pre-condition of acrn_insert_request_wait()
but does not cause failures since a new I/O request can never happen
before the previous one completes.
2. Values read from PCI configuration spaces are never passed to UOS.
This patch adds the post-work for these two kinds of I/O requests. The post-work
for port I/O is invoked for PCICFG since it is essentially a port I/O and the
request structure is compatible. No post-work is needed for WP as it is only
triggered for EPT violations on writes, while post-work is mainly for reads.
v2 -> v3:
* Consistently use 0/1 (not false/true) for the ''valid'' member.
* Add comments to suggest when the hypervisor can see REQ_PCICFG and why
dm_emulate_pio_post also works in such cases.
* Rename: mark_ioreq_done -> complete_ioreq
* Rename: complete_request -> emulate_io_post
* Rename: hcall_notify_req_finish -> hcall_notify_ioreq_finish
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
For data structure types "struct key_info, struct pir_desc,
struct map_params", its name is identical with variable name
in the same scope. This MISRA C violation is detected by
static analysis tool.
Naming convention rule:If the data structure type is used by only one
module and its name meaning is simplistic, its name needs prefix
shorten module name.
The following udpates are made:
struct key_info-->struct trusty_key_info
struct pir_desc-->struct vlapic_pir_desc
struct map_params-->struct mem_map_params
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
For data struct type struct vie, emul_ctxt, its name
is identical with variable name in the same scope.
This MISRA C violation is detected by static analysis
tool.
According to naming convention rule: If the data structure
type is used by only one module and its name meaning is
simplistic, its name needs prefix shorten module name.
Follow the same rule, data structure name "vie_op" needs
to be renamed;
The following updates are made in this patch:
struct vie-->struct instr_emul_vie
struct vie_op-->struct instr_emul_vie_op
struct emul_ctxt-->struct instr_emul_ctxt
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The variable timer's name is identical with struct
timer s name. This MISRA C violation is detected
by static analysis tool.
According to naming convention rule: If the data
structure type is used by multi modules, its
corresponding logic resource is only used by
hypervisor/host and isn't exposed to external
components (such as SOS, UOS), its name meaning
is simplistic (such as timer), its name needs prefix
"hv_".
Rename struct timer as struct hv_timer.
Replace regular expression:s/struct timer\([ ),;\t\*]\+\)
/struct hv_timer\1
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
V1:
In order to remove MISRA C violations for rule
219S, rename functions, macros whose name
starts with "_".
Also removed some __mmio functions because they are
duplicates and are not used anywhere.
Renamed functions like __assert, to asm_assert,
because they were only wrappers around asm calls.
V2:
Over and above the changes on V1, modified bitmap
functions names to lock (corresponding to unlock)
introduced in V1
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
The variable vlapic_timer's name is identical with struct
vlapic_timer's name. This MISRA C violation is detected
by static analysis tool.
Rename variable vlapic_timer as vtimer.
Replace regular expression: s/vlapic_timer\([ ;,.)\-]\+\)/vtimer\1
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Parameter's type which is pointer should not be changed in the
scope of function,assign it's value to local variable to fixed
it out.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are many naming violations detected by static analysis
tool. Data structure type name is the same as variable name.
According to naming convention rules, If the data structure
type is used by multi modules and its name meaning is
simplistic (such as vcpu, vm), its name needs prefix "acrn_".
Rename struct vpic as struct acrn_vpic.
Replace regular expression:s/struct vpic\([ ),;\t\*]\+\)/struct acrn_vpic\1
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are many naming violations detected by static analysis
tool. Data structure type name is the same as variable name.
According to naming convention rules, If the data structure
type is used by multi modules and its name meaning is
simplistic (such as vcpu, vm), its name needs prefix "acrn_".
Rename struct vlapic as struct acrn_vlapic
Replace regular expression:s/struct vlapic\([ ),;\t\*]\+\)/struct acrn_vlapic\1
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The current struct vcpu has two members, namely 'struct vhm_request req' and
'struct mem_io mmio', that hold similar info, including the address, direction, size,
value and status of mmio reqeusts.
As a step towards a unified framework for both MMIO/PIO, this patch unifies
these two members by a tailored version of vhm_reqeust, mostly with the reserved
fields dropped. The definitions to request types, directions and process status
are reused.
Handling errors during emulations will be revisited after the I/O emulation
paths are unified. Thus for this patch the mmio.mmio_status in inherited by
io_req.processed which is not yet properly processed.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
hypervisor will crash if user try to call hypercall
HC_CREATE_VM in infinite style.
actually, the number of VMs hypervisor can support
depends on the bit width of 'vmid_bitmap'.should
return error in case of overflow.
other cleanup for this function to avoid memory leak
in case of failure.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Merge mmu_modify with mmu_del to mmu_modify_or_del(..., type).
While type is MR_MODIFY, the actual action is doing mmu_modify; while
type is MR_DEL, the actual action is doing mmu_del.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add hcall_change_vm_page_wp_perm to change guest one page write permission.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the function scope,the parameter should not be
changed as Misra required.
V1->V2 recover some violations because of ldra's false positive.
V2->V3 sync local variable' type to parameter's type with the prefix of const.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
SOS boot with all physicall cpus, before running UOS, it should free
CPU resource by offline not used cpus
- first do standard cpu offline flow
- then call hcall_sos_offline_cpu hypercall to release cpu resource really
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
if defined CONFIG_VM0_DESC, HV will use predefined vm0_desc to config
VM0, otherwise, HV will run VM0 with all physical cpus.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In vioapic emulating code, the vioapic spinlock is taken twice
in the same context.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
The general-purpose register layout is identical to instructio emulation context.
So no need to do the mapping.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
In current code, general-purpose register layout in run_context is not align with the
general-purpose register index when vmexit. So hv needs to map the index used during
vmexit to the index of the general-purpose register in run_context.
This patch align the layout, so that no mapping needed.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. fix some description for hv mmu_modify
2. add pml4_page input parameter for ept_mr_modify to keep align with
ept_mr_add and ept_mr_del which will support add or delete MR for trusty.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. rename set_vm_memmap to set_vm_memory_region
2. split ept_mmap into ept_mr_add and ept_mr_del
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the hypervisor, there are many casts from
an void pointer to integer pointer, then from
integer pointer to structure pointer.
These pointer castings are detected by static analysis
tool. All pointer casts are violations, There are
some duplicated pointer cast. This will make deviation
analysis complex.
BTW, there are one useless pointer casting and one
wrong pointer casting in the hypervisor.
Remvoe duplicated pointer casts to make deviation analysis
simple;
Remove one useless pointer casting;
Update one wrong pointer casting.
Note: There are many void type pointer casts, non-void type
pointer is casted to void type pointer, char type pointer casts,
non-char type pointer is casted to char type pointer. These pointer
casting is need by the memory management module, IO moudle etc.
Deviation analysis will be made and recoded in the analysis report.
V1-->V2:
Fix mixing pointer and array voilation.
V2-->V3:
Remvoe pointer casting from integer pointer into
non-void/non-char pointer directly;
Remove redundant type conversion.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The plus and minor have the same level of precedence. The Misra-C
considers it as a violation. Added brackets in between addition and
substraction oprators.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Added brackets for expression to make it easy to understand and
reduce the mistake of precedence. The rule is applied to the
mixed same level of prevedence opeartors, high level presedence
operators and logical expression.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Removed comment out unused code in vmexit.c, sprintf.c and vmcall.c
Minor fix in vmx.c to prevent Misra-c consider it as a piece of
code.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This is the final cleanup of the integral type related issues, reported by the
static checker, under common/, mostly including
* make explicit the narrowings of vm_ids passed by register.
* work around the confusion of the static checker by abstracting
sub-expressions to local variables.
The remaining reports that are not trivial to suppress will be in the scope of a
separate document.
v1 -> v2:
* Instead of converting vm_ids inside hcall_xxx, update the prototypes of
these functions and do the conversion in vmcall_vmexit_handler.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Clean up most reported integral-type-related violations still existing under
arch/x86/guest/. The remaining reports that are not trivial to suppress will be
explained in separate documents.
Also move acpi_info outside acrn_common.h as the structure is no longer shared
with DM.
v1 -> v2:
* Move struct acpi_info to bsp_extern.h
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The error code in the hypervisor is 32-bit signed integers. To reduce implicit
conversions, this patch make hcall_xxx returns int32_t, and finally converts it
to uint64_t when assigned to rax whose semantics is properly defined in C99.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are many type conversions in the atomic
operations invoking reported by static analysis tool. These
type conversions voilate MISRA C.
To keep uniform naming convention, rename atomic operation
function names:
atomic_set_int/long --> atomic_set32/64;
atomic_clear_int/long --> atomic_clear32/64;
atomic_load --> atomic_load32;
atomic_store --> atomic_store32;
atomic_swap --> atomic_swap32;
atomic_readandclear --> atomic_readandclear32;
atomic_inc --> atomic_inc32;
atomic_dec --> atomic_dec32;
atomic_cmpxchg --> atomic_cmpxchg32;
atomic_xadd --> atomic_xadd32.
Update the type of atomic_load32/64, atomic_store32/64,
atomic_swap32/64, atomic_cmpxchg32/6.
Update related variables and callers.
Note: the type of return value and parameters of atomic_xadd32/64
still keep signed int/long since caller pass
negative variable to atomic_xadd32/64;
V1-->V2:
Add comments for atomic_set/clear to differ from
bitmap_set/clear.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie.Mao <junjie.mao@intel.com>
MISRA C requires that a 'if' statement followed by one or more 'else if'
statement shall be terminated by an 'else' statement which contains either
side-effect or a comment, to ensure that conditions are considered
exhaustively.
Note that a simple 'if' statement is not required to be terminated by 'else'.
This patch fixes such violations by either refactoring the code or add the
'else' statement with either a comment (describing why this case can be skipped)
or logging the event. It may not be satisfactory for the release version where
logging is no-op, but properly handling these non-trivial cases is out of the
scope of this patch.
v1 -> v2:
* Fix unintended semantic changes in add_(msix|intx)_remapping and
io_instr_vmexit_handler.
* Simplify boolean checks in vpic_ocw2.
* Rephrase the comment in strtol_deci.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the current hypervisor, there are many members of CPU_reg_name
used to check range and useless register names.
Define some CPU_REG_XX_FIRST and CPU_REG_XX_LAST MACROs to
make range checking clear;
Remove useless register names CPU_REG_XX_LAST in CPU_reg_name;
Update the related caller.
V1-->V2:
Update a mistake, replace second CPU_REG_SEG_FIRST
with CPU_REG_SEG_LAST in ASSERT.
V2-->V3:
Add '()' for bool expression in ASSERT.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- explicitly declare the array size of 'size2mask[]'
otherwise, the static checking tool treats the array size to be 4, so
that it complains when accessing index '4' or '8'
- unify the comments style and make sure the line length less than 80
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Current code has a mistake associating destination with
redirectionhint. So just use the destination mode to work out
destination mode.
When injecting the msi interrupt to vcpu in hypervisor layer,
current code ingnores the redirection hint(RH) bit of msi address
message from guest, and just use the destination mode and
destination ID. So correctly before injecting, check the RH bit,
if set, choose the vcpu that has lowest priority to inject msi.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Zhao, Yakui <yakui.zhao@intel.com>
Reviewed-by: Yin, Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ASSERT/panic are called when we get invalid values. It is a little bit strict.
This patch replaces ASSERT/panic with pr_err and return -EINVAL.
v1 -> v2:
- v1 patch name (HV: instr_emul: Remove unnecessary check in decode_xxx)
- keep the check and replace ASSERT/panic with pr_err.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, there are exec_vmread/exec_vmwrite
used for accessing 32-bit fields, 64-bit field and
natural-width fields. This usage will confue developer.
So there are many type casting for the return value and
parameters vmread/vmwrite operations.
Since exec_vmread/exec_vmwrite and exec_vmread64/exec_vmwrite64
are the same, update current exec_vmread/exec_vmwrite
implement into exec_vmread64/exec_vmwrite64 implement
and add MACRO define for exec_vmread/exec_vmwrite in
head file;
To access 64-bit fields in VMCS, callers use
exec_vmread64/exec_vmwrite64;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
Note:Natural-width fields have 64 bits on processors
that support Intel 64 architecture.To access natural-width
fields in VMCS, callers still use exec_vmread/exec_vmwrite,
keep the current implementation.
V1--V2:
This is new part of this patch serial to only
update 64-bit vmread/vmread opertions and related
caller, for netural width fields, still use exec_vmread
or exec_vmwrite.
V2-->V3:
Fix few mistake updations for netural fields in VMCS,
just keep exec_vmread/exec_vmwrite to access them;
Fix few mistake updations for 64-bit fields in VMCS.
V3--V4:
Add "016ll" for 64-bit variable in log function;
Few updates for coding style;
Rename lssd32_idx as tr_sel in VMX module.
V4-->V5:
Use CPU_NATURAL_LAST in the vm_get_register and
vm_set_register to make condition statement more
understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, no exec_vmread32/exec_vmwrite32
is for accessing 32-bit fields. So there are many type
casting for the return value and parameters vmread/vmwrite
operations.
Create exec_vmread32 and exec_vmwrite32 functions to
access 32-bit fields in VMCS;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
V1--V2:
This is new part of this patch serial to only
update 32 bit vmread/vmread opertions and related
caller.
V2-->V3:
Update related variables type in data structure
for exec_vmread32/exec_vmwrite32.
Rename temp variable 'low' into 'value' for
exec_vmread32;
V3-->V4:
Remove useless type conversion.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, no exec_vmread16/exec_vmwrite16
is for accessing 16-bit fields. So there are many type
casting for the return value and parameters vmread/vmwrite
operations.
Create exec_vmread16 and exec_vmwrite16 functions to
access 16-bit fields in VMCS;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
V1--V2:
This is new part of this patch serial to only
update 16-bit vmread/vmread opertions and related
caller.
V2--V3:
Add "hu" for uint16_t argument in log function;
Add comments for function get_vmcs_field;
Update related variables type for exec_vmread16;
Rename temp variable 'low' into 'value'.
V3-->V4:
Few updates for exec_vmread16.
V4-->V5:
Few updates for coding style;
Replace "hux" with "hu" in log function for 16-bit
variable.
V5-->V6:
CPU_REG_64BIT_LAST is used in the vm_get_register and
vm_set_register to make condition statement more
understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the current "enum cpu_reg_name", there are 16-bit segment
register names, 16-bit descriptor table register names, and
16-bit task register names. These 16-bit register names are
defined among the 64 bit register names. To access these
16-bit fields in VMCS and 32 bit fields in VMCS, more
condition statements need to be used.
Update 16-bit register names position to simplify conditions
in vm_get_register and vm_set_register since different
fields size accessing in VMCS by different vmread/vmwrite
opreation.
Note: After checking the current implementation, the register names of
the same kind of registers (general registers, control registers,
segment registers etc) need to be defined in order, some code checks
the range by using this order. But different kinds of register
names as group, this group position can be adjusted to simplify
conditions.
The follwoing register names group need to be considered in current
implemetation:
(1) General register names group: CPU_REG_RAX~CPU_REG_RDI;
(2) Non-General register names group:CPU_REG_CR0~CPU_REG_LAST;
(3) segment register names group:CPU_REG_ES~CPU_REG_GS.
V1-->V2:
This is new part of this patch serial created in
V2 to rearrange register names as needed.
V2--V3:
Update comment information.
V3-->V4:
Define CPU_REG_NATURAL_LAST and CPU_REG_64BIT_LAST to
make condition more understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
This patch cleans up the integral-type-related violations after the access
pattern to RTEs is unified. Major changes include:
1. vioapic_mmio_read(), vioapic_mmio_write() and vioapic_mmio_rw() assumes
the size of the register to be accessed is always 4, which is checked in
vioapic_mmio_access_handler(). Thus they no longer takes the unused
''size'' parameter.
2. Typical integral-type-related violation fixes including 'U' suffixes,
type of local variables, conversion specification in format strings, etc.
v1 -> v2:
* Drop duplicated definitions to IOAPIC register offsets.
* Drop the ''size'' parameter of vioapic_mmio_[read|write] and
vioapic_mmio_rw since vioapic_mmio_access_handler() ensures that size is
always 4.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are two different ways the current implementation adopts to access ioapic
RTEs:
1. As two 32-bit registers (typically named ''low'' and ''high''), or
2. As one 64-bit register (typically named ''rte'').
Two issues arise due to the mixed use of these two patterns.
1. Additional conversions are introduced. As an example, ioapic_get_rte()
merges two RTE fragments into a uint64_t, while some callers break it
back to ''low'' and ''high'' again.
2. It is tricky to choose the proper width of IOAPIC_RTE_xxx constants. SOS
boot failure is seen when they are 32-bit due to the following code:
/* reg is uint64_t */
vioapic->rtbl[pin].reg &= ~IOAPIC_RTE_REM_IRR;
while making them 64-bit leads to implicit narrowing when the RTEs are accessed
in the low & high pattern.
This patch defines a union ''ioapic_rte'' and unifies the access pattern
to IOAPIC and vIOAPIC RTEs.
v1 -> v2:
* Instead of two 32-bit ''low'' and ''high'', define a union that allows
either 32-bit or 64-bit accesses to RTEs.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The main focus on: constant suffix U/UL; parameters cast like
uint32 to a uint16 variable; unify some APIs interface,
consist with the callers.
also modify some places to unify code style
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Includes header file of non-static function, and declare the
in-file use function static.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
vmid's type prefered to be uint16_t.
V1->V2:vmid from uint32_t transfer to uint16_t
V2->V3:add range check to hcall's vmid parameter
V3->V4:seperate the declaration and actual code.
V4->V5:remove range check from hcall's vmid parameter
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are some duplicate codes in emulate_xxx functions which update rflags and
it deserves a common function to deal with the situation. So, this patch
introduces a new function vie_update_rflags to updating rflags accordingly.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
We will decode SIB in decode_sib after decode_modrm. So, there is no need to
decode SIB related field in decode_modrm. This patch remove it.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
There so many ASSERT following the function vie_read_register and vm_get_seg_desc.
It's better to move the ASSERT to those two functions and make the code more
compact.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
rename vm_hw_logical_core_ids to vm_pcpu_ids
and changed the type to uint16_t.
V1->V2:rename the vm_hw_logical_core_ids
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
To minimize explicit casts, this patch adjusts the types of function parameters
and structure fields related to vlapic and update the types in the internal
implementation accordingly.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
Use local variables to hold struct members before using them, which helps us
avoid confusions from static checkers.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
Make the type indicators in formatting strings aligned with the actual variables
passed.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
Most loop variables in vlapic are used in unsigned contexts (include bitops,
arithmetic w/ other unsigned integers, etc). This patch refactors these loop so
the these variables can be unsigned.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
For constants used in unsigned contexts, a 'U' suffix is required per MISRA C
standard.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
The patch fixes integral type related violations on HV pm part.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
like: constant of unsigned int need add U/UL as surfix.
enum value can't use to give or compare with int directlly.
unsigned and signed mis-matched
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRA-C requires the use of brackets, even when there is only one
statement in the loop body.
Signed-off-by: Ying Liu <ying2.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are some integer type conversions reported by static
analysis tool for vcpu id, number of created vcpus, and
vpid, to reduce these type conversions, redesign vcpu id,
number of created vcpus, and vpid type as uint16_t as per
their usage, related 16-bit atomic operations shall be
added in HV.
MISRA C requires that all unsigned constants should have the suffix 'U'
(e.g. 0xffU), but the assembler may not accept such C-style constants.
Add 16-bit atomic add/dec/store operations;
Update temporary variables type and parameters type of
related caller;
Update vpid type as uint16_t;
Replace Macro with constant value for CPU_PAGE_SIZE.
Note: According to SDM A.10, there are some bits defined
in the IA32_VMX_EPT_VPID_CAP MSR to support the INVVPID
instruction, these bits don't mean actual VPID, so
the vpid field in the data struct vmx_capability doesn't
be updated.
V1--V2:
update comments for assembly code as per coding style;
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
